About this infection

Command Prompt Virus is ransomware that does not actually encrypt your files; it merely renames them. Discovered by malware researcher Jakub Kroustek in 2016, the malware seemed to be under development. It was not actively distributed, so it's unlikely anything has changed. There are two variants of this infection, PayDOS and Serpent, the latter being the newer version. The ransom note, however, claims that the files have been encrypted.


The ransom note says that files have been encrypted and that victims need to send 0.33 Bitcoins to the provided address to get a password to recover files. Back in 2016, 0.33 Bitcoin was worth little in comparison, but now it's around three thousand dollars. The password was revealed to be AES1014DW256 for PayDOS and RSA1014DJW2048 for Serpent. When the password is entered, file names go back to normal. However, even without the password, the victim could manually rename the files and they would open as usual.

Theoretically, if this ransomware were fully functional and actually encrypted files, we would not recommend paying the ransom, which is our position in all ransomware cases. It would be a better idea to simply delete Command Prompt Virus and invest in reliable backup.

How does ransomware spread?

It's unlikely that you would get this ransomware, but we would like to take the chance to warn you about how most ransomware spreads. It is usually spread via spam email attachments, malicious ads and fake downloads. Users are pretty careless when it comes to dealing with email attachments, and open them without even considering the dangers of doing that. Be especially cautious if the sender is one you are not familiar with. Before opening the attachment, whether it's seemingly from some legitimate company or government organization, look for signs that it's not what it seems. For example, if you have an Amazon account and get an email from the company, your name will always be used in the greeting. General greetings (Dear Customer/User/Member, etc.) used instead of your name should cause suspicion, because in a legitimate email from Amazon your name would be put in automatically. Grammatical mistakes are also pretty common in those malicious emails. In short, unless you make sure it's 100% safe, do not open random email attachments.

When it comes to ads, avoid clicking on them when on questionable websites, as they could be malicious. And you should only download things from trusted sources, not dubious ones like Torrents, which can easily be taken advantage of to spread malware.

A closer look at Command Prompt Virus

PayDOS is essentially a batch file converted into an executable, which when launched will extract the batch file into the %Temp% folder. The batch file will then scan for specific file extensions and rename the matching files. The files are only renamed; they are not encrypted. A ransom note would then pop up, claiming that the creators are sorry you are seeing the message. It states that files have been encrypted, that the victim needs to pay 0.33 Bitcoin, and that a password would then be sent so the files can be decrypted. Since files are not actually encrypted, the victim could just change back the file names and access files as normal. Or they could enter the password we've mentioned above. Everything should go back to normal after the password is entered.

Serpent works the same way, but it adds a non-working email address to the ransom note, serpent.ransom@notrealemail.com. It also has a different password, which was also mentioned above.
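
The rename-only behaviour described above can be confirmed on affected files before deciding how to recover them. The following is an added example, not code from the original article or from the malware: it checks a file's leading bytes against well-known format signatures and falls back to a byte-entropy estimate. The sample data and the 7.5 bits-per-byte threshold are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

# Well-known leading-byte signatures ("magic numbers") of common file formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/ooxml",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"GIF8": "gif",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(head: bytes, threshold: float = 7.5) -> str:
    """Classify a file from its first bytes; threshold is an assumed cut-off."""
    # Signature check comes first: JPEG and ZIP payloads are compressed and
    # would look "encrypted" to an entropy test even when untouched.
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return f"intact:{kind}"
    if shannon_entropy(head) >= threshold:
        return "possibly-encrypted"
    return "no-signature-low-entropy"

def triage(path: str, size: int = 4096) -> str:
    """Read only the head of the file; the file name is deliberately ignored."""
    with open(path, "rb") as fh:
        return classify(fh.read(size))

# Constructed sample inputs (not taken from real PayDOS or Serpent victims).
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_TEXT = b"quarterly report draft\n" * 50
# Deterministic pseudo-random bytes standing in for real ciphertext.
SAMPLE_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

if __name__ == "__main__":
    for name, blob in [("pdf", SAMPLE_PDF), ("text", SAMPLE_TEXT),
                       ("random", SAMPLE_RANDOM)]:
        print(name, classify(blob), round(shannon_entropy(blob), 2))
```

A file that still reports an intact signature under its changed name only needs to be renamed back; a "possibly-encrypted" result means the file deserves a closer look before anything is overwritten.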

Command Prompt Virus removal

Again, theoretically, if you needed to delete Command Prompt Virus, you would need to obtain anti-malware software. Manual elimination would not be recommended because inexperienced users might end up harming their computers.


Step 1. Delete Command Prompt Virus using Safe Mode with Networking.

Remove Command Prompt Virus from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK.
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking.
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Command Prompt Virus.
Remove Command Prompt Virus from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart.
  3. Go to Troubleshoot → Advanced options → Startup Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings.
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Command Prompt Virus.

Step 2. Restore Your Files using System Restore

Delete Command Prompt Virus from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and click OK.
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options.
  4. Choose Command Prompt from the list.
  5. Type in cd restore and tap Enter.
  6. Type in rstrui.exe and press Enter.
  7. Click Next in the new window and select the restore point prior to the infection.
  8. Click Next again and click Yes to begin the system restore.
Delete Command Prompt Virus from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart.
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart.
  5. In Command Prompt, input cd restore and tap Enter.
  6. Type in rstrui.exe and tap Enter again.
  7. Click Next in the new System Restore window.
  8. Choose the restore point prior to the infection.
  9. Click Next and then click Yes to restore your system.

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the article will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.
